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A  Knowledge-Based  Indications  and  Warning  Toolkit  for  Mixed-Initiative 

Information  Warfare  Analysis 

Shipboard  intelligence  centers  deployed  in  littoral  regions  are  the  “front  line”  for  naval  intelligence 
gathering.  Onboard  cryptanalysts  need  to  monitor  multiple  information  sources  for  trends  and  deviations  from 
expected  norms,  detect  and  properly  interpret  the  unusual,  and  generate  Indications  and  Warning  (I&W). 

Anticipated  reductions  in  shipboard  manning  and  increases  in  the  quantity  of  available  sensor  data  will  further 
exacerbate  workload  for  intelligence  personnel.  New  information  fusion  technology  is  required  to  help 
intelligence  analysts  meet  these  challenges. 

During  Phase  I,  we  constructed  an  ontology  of  the  I&W  generation  domain,  developed  pattern  scripting 
tools  to  capture  patterns  of  potential  interest,  and  designed  a  data-driven  inference  engine  to  identify  enemy 
activities  from  large  volumes  of  sensor  data. 

The  objective  of  the  ontology  is  to  represent  key  features  of  the  sensor  domain  and  the  Information  Warfare 
(IW)  battlespace.  An  ontology  is  a  vocabulary  that  represents  the  key  features  of  a  domain  and  translates  the 
important  domain-level  terms  into  a  formal  language  .  It  includes  machine  interpretable  definitions  of  basic 
concepts  in  the  domain  and  relations  between  them.  In  our  application,  the  ontology  provides  us  the  basic 
“building  blocks”  or  data  model  from  which  more  complex  patterns  and  scripts  can  be  constructed.  The 
ontology  developed  for  the  I&W  domain  models  the  sensor  domain,  elements  of  the  IW  battlespace,  and 
operational  activities  and  intentions.  The  I&W  ontology  centers  around  two  basic  components:  (1)  Sensor  Data, 
and  (2)  Battlespace  Data. 

In  order  to  assess  potential  situations  of  interest,  intelligence  analysts  rely  upon  knowledge  and  experience 
gained  in  the  analysis  of  past  events  and  situations.  Over  time,  analysts  may  assess  a  number  of  similar 
situations  occurring  within  their  domain,  and  patterns  may  emerge  that  characterize  situations  or  events  of 
interest.  To  aid  the  analyst  in  accurately  assessing  situations  and  events,  pattern  scripting  tools  are  required  to 
define  and  create  models  describing  each  type  of  situation  of  potential  interest.  During  Phase  I  we  developed 
two  pattern  scripting  tools,  the  Rules  Wizard  and  the  Script  Editor,  to  allow  the  analyst  to  relate  events  and 
objects  in  certain  ways  that  can  describe  the  general  pattern  of  occurrences  within  situations  of  interest.  These 
tools  enable  a  user  who  is  neither  a  computer  programmer  nor  a  logician  to  write  rules  in  a  language  we 
developed,  the  pattern  query  language,  that  is  close  to  ordinary  English,  but  it  also  has  a  formally  specified 
syntax  that  makes  it  possible  to  translate  such  rules  into  a  formal  representation.  The  two  major  components  of 
the  pattern  query  language  are  trends  and  scripts. 

Finally,  during  Phase  I  we  developed  a  pattern  identification  process  consisting  of  three  steps.  During  the 
first  step,  the  Data  Transformer  module  performs  basic  statistical  operations  on  the  raw  sensor  data.  The 
purpose  of  this  step  is  to  transform  the  sensor  data  into  the  sensor  domain  ontology.  During  the  second  step,  the 
Pattern  Compilation  Tool  translates  the  trend  and  script  representations  into  a  mathematical  formulation  that 
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can  be*  systematically  solved.  During  the  last  step,  the  Inference  Engine  matches  the  transformed  sensor  data 
against  the  enemy  patterns  defined  by  the  user  and  computes  a  confidence  level  for  each  trend  and  script.  This 
confidence  level  is  a  quantitative  measure  of  whether  the  observed  events  are  indicative  of  the  behavior 
captured  by  the  particular  trend  or  script. 

The  resulting  Phase  I  I&W  generation  toolkit 

•  Provides  a  “corporate  memory”  that  captures  analysts’  local  I&W  expertise. 

•  Facilitates  timely  analysis  of  large  quantities  of  sensor  data  gathered  from  multiple  sensors. 

•  Enables  detection  of  Indications  and  Warnings  quickly  and  reliably  in  the  face  of  new  and  complex 
signal  environments,  with  a  much  smaller  staff. 


